Great tips on improving ssh settings

I am currently reading “Ansible: Up and Running” and it pointed to several improvements I could make to my ssh settings. Thanks also to tenshu.net and OpenSSH Wikibooks.

Multiplexing:

Host *
  # Keep the control socket out of /tmp, which every local user can write to
  ControlPath ~/.ssh/control-%r@%h:%p
  ControlMaster auto
  ControlPersist 10m

Use a separate, generated known hosts file for your local domain:

Host *.mycompany.com
    UserKnownHostsFile ~/.ssh/generated_known_hosts
    StrictHostKeyChecking yes

Sane global defaults:

HashKnownHosts no
Host *
    GSSAPIAuthentication no
    ForwardAgent no
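
A small linter for the options covered above (ControlPath, StrictHostKeyChecking, ForwardAgent), added here as an example and not taken from the original post. The function names and the sample config are made up for illustration; each line is checked on its own, without modelling ssh's first-match-wins evaluation.

```python
import re

# Directories every local user can write to.
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")
# "Keyword value" or "Keyword=value", as ssh_config(5) allows.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample config, not a real inventory.
SAMPLE = """\
Host *
    ControlPath /tmp/control-%r@%h:%p
    ForwardAgent yes
Host *.mycompany.com
    StrictHostKeyChecking yes
Host lab.example
    StrictHostKeyChecking no
    ControlPath ~/.ssh/cm-%h
"""

def parse(text):
    """Yield (host pattern, lowercased keyword, value) per option line."""
    scope = "*"  # options before the first Host line apply to every host
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            scope = value
        else:
            yield scope, key, value

def audit(text):
    """Return (host pattern, finding) pairs for risky client settings."""
    out = []
    for scope, key, value in parse(text):
        if key == "controlpath" and value.startswith(WORLD_WRITABLE):
            out.append((scope, "ControlPath socket in a world-writable directory"))
        elif (key == "controlpath" and value != "none" and "%C" not in value
              and not all(t in value for t in ("%r", "%h", "%p"))):
            out.append((scope, "ControlPath lacks %r, %h and %p (or %C)"))
        elif key == "forwardagent" and value.lower() == "yes" and "*" in scope:
            out.append((scope, "ForwardAgent enabled for a wildcard pattern"))
        elif key == "stricthostkeychecking" and value.lower() in ("no", "off"):
            out.append((scope, "unknown host keys are added without a prompt"))
    return out

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"Host {scope}: {finding}")
```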

Notify new ssh connections:

Host *
    PermitLocalCommand yes
    LocalCommand /home/user/bin/ssh-notify.sh %h

Set up port forwards for a host:

Host port-forwards-site1.company.com
  Hostname server1.company.com
  LocalForward 1234 10.0.0.101:1234

Jumphosts:

Host jumphost.company.com
  ProxyCommand none
Host *.company.com
  ProxyCommand ssh jumphost.company.com nc -q0 %h %p

Or, instead of the nc variant:

  ProxyCommand ssh -W %h:%p jumphost.company.com

Keep it Alive:

ServerAliveInterval 30
ServerAliveCountMax 4
